Toucan is currently a monitor to defend against man in the middle attacks (Both IPv4/IPv6 attacks) on a wireless network. For IPv4, when an attacker is discovered sending a gratuitous ARPs, Toucan will ‘un-poison’ the victim and the default gateway by sending out defensive ARPs with their original logged L2 addresses, and will then deauth the attacker off of the network and blacklist their L2 address. Additionally, toucan supports IPv6 spoofing defense by monitoring for gratuitous neighbor advertisements (since there is no ARP in IPv6).